Pentesting: Android Style

While I definitely would not recommend replacing your trusty laptop with an Android, at times you will need to kick ass sans laptop.  So let's take a look at what an Android can do at this point with the various programs.

Nmap for Android (https://market.android.com/details?id=com.wjholden.nmap)

At $2.99, this is a port of nmap to Android.  The interface is pleasant and tuned for the Android's smaller screen.  Very nice touch.  I had considerable trouble running the program, though.  My traditional scan is ‘-vv -A -oA’, with an occasional ‘-p 1-65535’.  I gave the options of -A, --system-dns (as recommended by the developer) and -vv against rageweb.info.  Error: NSE: failed to initialize the script engine: could not locate nse_main.lua.  I tried it again, and now I get ‘Error detected at runtime: Parse error on line 53279 of nmap-os-db file: CI=I%II=I%SS=S%TS=U)’.  There are also errors on lines 53280, 53281, 53282, and it keeps going and going.  This may just be a bad SVN build, so I sent in a bug report.  Hopefully we can update this later!

5.59BETA1 was the latest version on SVN that I could grab.  I gave it a go in an ‘nmap showdown’ to get some speed estimates for an i7 vs. a Droid X.  I used the same wifi network for both scans (which is not where rageweb.info resides).  The i7 was done in 21.83 seconds, blazing as expected.  When I get a working nmap on Android, I’ll update this with its time!
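Both errors quoted above come from nmap's data files rather than from the nmap binary itself: nse_main.lua is the file that bootstraps the script engine, and nmap-os-db is the OS fingerprint database that -A (via -O) reads.  The quoted fragment ‘CI=I%II=I%SS=S%TS=U)’ is the tail end of a SEQ line, which is what you would expect to see if a fingerprint line had been split in two somewhere between SVN and the phone.  The following is an added example, not code from this post or from the nmap project: it checks that a data directory (nmap honours the NMAPDIR environment variable for this; /usr/share/nmap is an assumed default) contains the files a scan needs, and flags nmap-os-db lines that do not start the way an entry is allowed to.  The sample database at the bottom is constructed, with one intact entry and one whose SEQ line has been wrapped.

```python
"""Sanity-check an nmap data directory before blaming the scanner.

Added example (not part of the original post, nor nmap's own code).
The file names and the nmap-os-db line grammar below are the format as
documented for nmap; the default directory is an assumption.
"""
import os
import re

# Files an nmap build needs for NSE (-sC/--script) and OS detection (-O, part of -A).
REQUIRED_FILES = ("nse_main.lua", "nmap-os-db", "nmap-services")

# Every non-blank, non-comment nmap-os-db line starts with one of these
# record keywords ...
_RECORD_KEYWORDS = ("Fingerprint ", "Class ", "CPE ", "MatchPoints")
# ... or is a complete test line: NAME(key=value%key=value...)
_TEST_LINE = re.compile(r"^(SEQ|OPS|WIN|ECN|T[1-7]|U1|IE)\(.*\)\s*$")


def check_data_dir(datadir):
    """Return the list of required data files missing from datadir."""
    return [f for f in REQUIRED_FILES
            if not os.path.isfile(os.path.join(datadir, f))]


def find_bad_os_db_lines(text):
    """Return (line_number, line) for every nmap-os-db line that is neither a
    record keyword line nor a complete test line.  A wrapped or truncated
    fingerprint line shows up here twice: the head without its closing ')'
    and the orphaned tail, e.g. 'CI=I%II=I%SS=S%TS=U)'."""
    bad = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(_RECORD_KEYWORDS):
            continue
        if _TEST_LINE.match(line):
            continue
        bad.append((lineno, line))
    return bad


# Constructed excerpt in nmap-os-db format; the fingerprints are made up.
SAMPLE_OS_DB = """\
# constructed excerpt in nmap-os-db format; the fingerprints are made up
Fingerprint Example embedded device (intact entry)
Class Example | embedded || specialized
CPE cpe:/h:example:device
SEQ(SP=C-14%GCD=1-6%ISR=C3-CD%TI=I%CI=I%II=I%SS=S%TS=U)
OPS(O1=M5B4%O2=M5B4%O3=M5B4%O4=M5B4%O5=M5B4%O6=M5B4)
T1(R=Y%DF=N%T=3B-45%TG=40%S=O%A=S+%F=AS%RD=0%Q=)

Fingerprint Example embedded device (SEQ line wrapped onto two lines)
Class Example | embedded || specialized
SEQ(SP=C-14%GCD=1-6%ISR=C3-CD%TI=I%
CI=I%II=I%SS=S%TS=U)
T1(R=Y%DF=N%T=3B-45%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
"""


if __name__ == "__main__":
    # NMAPDIR is the variable nmap itself consults; the fallback path is assumed.
    datadir = os.environ.get("NMAPDIR", "/usr/share/nmap")
    print("missing from %s: %s" % (datadir, check_data_dir(datadir) or "nothing"))

    # Check the real database if there is one, otherwise the constructed sample.
    db_path = os.path.join(datadir, "nmap-os-db")
    if os.path.isfile(db_path):
        with open(db_path, errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_OS_DB
    for lineno, line in find_bad_os_db_lines(text):
        print("nmap-os-db line %d: unexpected start: %r" % (lineno, line))
```

Run it with NMAPDIR pointed at the directory the Android build unpacks its data into; on a good checkout it reports nothing missing and no bad lines, while a wrapped file produces pairs of complaints like the line 53279 error in the post, one for the headless tail and one for the tail-less head.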

Router Passwords (https://market.android.com/details?id=net.davidgouveia.routerpasswords)

Router password databases can be useful, but I find they usually aren’t.  For the most part ‘admin’/‘admin’ will work, or blank/‘admin’.  They are good to have, though, as they take up little space.  The included interface is useful, since it is searchable and decently laid out so that you can find what you need quickly.  Good to have, but definitely not something that will get used as often as FaceNiff or Vz WiFi Connect.

Penetrate (http://underdev.org/penetrate/)

Penetrate is a very old app (by app-store standards) that looks for known weaknesses in wireless access points (WAPs) in order to gain access.  Neither a friend of mine nor I have ever actually seen it detect a hackable router, though.  Europeans, or other non-US markets, may have more success.  It has also been removed from most places, so finding a copy may be rather difficult.

DroidSheep (https://market.android.com/details?id=de.trier.infsec.koch.droidsheep)

DroidSheep is a newer iteration of the FaceNiff/Firesheep idea.  It is very new, so for the time being I’ve just been using FaceNiff to do my dirty work.

FaceNiff (http://faceniff.ponury.net/)

FaceNiff was the original port of Firesheep (http://codebutler.com/firesheep) to Android.  Very simple, and somewhat effective, has been my conclusion.  The interface is awesome: just a power button.  From there, it can definitely identify accounts to steal.  My issue has been that they are almost always ‘unidentified’ and not hijackable.  There have been a few reports of tweaks to fix this, but I’ve just been too busy lately.  I have used it successfully, and it is quite powerful and awesome when it works, but most of the time I get the ‘unidentified’ problem.  This was with FaceNiff v1.  Unfortunately, problems have arisen for the FaceNiff developer: PayPal shut down his account, and he has had trouble finding another place that will let him collect funds for the app, so v2 may be the last version.  v2 is supposed to support sslstrip (http://www.thoughtcrime.org/software/sslstrip/), but we’ll see what happens!

Vz WiFi Connect (https://market.android.com/details?id=com.piusvelte.vzwificonnect)

In places where Verizon FIOS is prevalent, there are tons of routers still on their default WEP keys.  Remember back in Sept 2008 when the report came out about the problem (http://seclists.org/bugtraq/2008/Sep/311)?  A few websites quickly gave you the ability to plug in an SSID and get the key.  But that meant you needed Internet to get Internet.  Luckily Vz WiFi Connect came out, and it is amazing.  It scans the wifi hot spots from the phone and lists them out.  Select one, and it will give you the key.  Best part is you can click and hold on a vulnerable wifi and it will automatically connect with the WEP key it just derived.  AMAZING!

Image Reference: http://topnews.ae/images/phone-hacking.jpg